Skip to main content

CVE-2022-49706: Vulnerability in Linux kernel (zonefs)

Medium
Tags: Vulnerability, CVE-2022-49706, cve, cve-2022-49706
Published: Wed Feb 26 2025 (02/26/2025, 02:24:24 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved: zonefs: fix zonefs_iomap_begin() for reads

If a readahead is issued to a sequential zone file with an offset exactly equal to the current file size, the iomap type is set to IOMAP_UNWRITTEN, which will prevent an IO, but the iomap length is calculated as 0. This causes a WARN_ON() in iomap_iter():

    [17309.548939] WARNING: CPU: 3 PID: 2137 at fs/iomap/iter.c:34 iomap_iter+0x9cf/0xe80
    [...]
    [17309.650907] RIP: 0010:iomap_iter+0x9cf/0xe80
    [...]
    [17309.754560] Call Trace:
    [17309.757078] <TASK>
    [17309.759240] ? lock_is_held_type+0xd8/0x130
    [17309.763531] iomap_readahead+0x1a8/0x870
    [17309.767550] ? iomap_read_folio+0x4c0/0x4c0
    [17309.771817] ? lockdep_hardirqs_on_prepare+0x400/0x400
    [17309.778848] ? lock_release+0x370/0x750
    [17309.784462] ? folio_add_lru+0x217/0x3f0
    [17309.790220] ? reacquire_held_locks+0x4e0/0x4e0
    [17309.796543] read_pages+0x17d/0xb60
    [17309.801854] ? folio_add_lru+0x238/0x3f0
    [17309.807573] ? readahead_expand+0x5f0/0x5f0
    [17309.813554] ? policy_node+0xb5/0x140
    [17309.819018] page_cache_ra_unbounded+0x27d/0x450
    [17309.825439] filemap_get_pages+0x500/0x1450
    [17309.831444] ? filemap_add_folio+0x140/0x140
    [17309.837519] ? lock_is_held_type+0xd8/0x130
    [17309.843509] filemap_read+0x28c/0x9f0
    [17309.848953] ? zonefs_file_read_iter+0x1ea/0x4d0 [zonefs]
    [17309.856162] ? trace_contention_end+0xd6/0x130
    [17309.862416] ? __mutex_lock+0x221/0x1480
    [17309.868151] ? zonefs_file_read_iter+0x166/0x4d0 [zonefs]
    [17309.875364] ? filemap_get_pages+0x1450/0x1450
    [17309.881647] ? __mutex_unlock_slowpath+0x15e/0x620
    [17309.888248] ? wait_for_completion_io_timeout+0x20/0x20
    [17309.895231] ? lock_is_held_type+0xd8/0x130
    [17309.901115] ? lock_is_held_type+0xd8/0x130
    [17309.906934] zonefs_file_read_iter+0x356/0x4d0 [zonefs]
    [17309.913750] new_sync_read+0x2d8/0x520
    [17309.919035] ? __x64_sys_lseek+0x1d0/0x1d0

Furthermore, this causes iomap_readahead() to loop forever as iomap_readahead_iter() always returns 0, making no progress. Fix this by treating reads after the file size as access to holes, setting the iomap type to IOMAP_HOLE, the iomap addr to IOMAP_NULL_ADDR and using the length argument as is for the iomap length. To simplify the code with this change, zonefs_iomap_begin() is split into the read variant, zonefs_read_iomap_begin() and zonefs_read_iomap_ops, and the write variant, zonefs_write_iomap_begin() and zonefs_write_iomap_ops.

AI-Powered Analysis

AI analysis last updated: 06/30/2025, 00:26:37 UTC

Technical Analysis

CVE-2022-49706 is a flaw in the Linux kernel's zonefs filesystem, specifically in zonefs_iomap_begin(), the iomap callback that describes how a file range maps to device blocks for reads and writes on zoned block devices. A sequential zone file in zonefs can only grow by appending, so its file size is the zone write pointer: everything below it is mapped, everything above it has never been written. The bug is in how a read at exactly that boundary is described to the iomap layer. When readahead is issued on a sequential zone file at an offset equal to the current file size, the function sets the iomap type to IOMAP_UNWRITTEN, which correctly suppresses device I/O, but computes the iomap length as zero because it clamps the read length to the distance from the offset to the file size. iomap_iter() treats a zero-length mapping as a programming error and fires WARN_ON(); worse, iomap_readahead() keeps calling iomap_readahead_iter(), which returns 0 each time because there is nothing to process, so the iterator never advances and the reading task spins in the kernel indefinitely.

The fix treats a read at or beyond the file size as a read of a hole: the iomap type becomes IOMAP_HOLE, the address IOMAP_NULL_ADDR, and the caller's length is used unchanged, so the iterator covers the requested range in one step and the page cache is zero-filled. To keep the read and write paths from sharing this logic, zonefs_iomap_begin() was split into zonefs_read_iomap_begin() with zonefs_read_iomap_ops and zonefs_write_iomap_begin() with zonefs_write_iomap_ops.

The practical consequence is a local denial of service: any process able to read a zonefs sequential zone file can hang itself in an unbounded kernel loop and pin a CPU, with the WARN_ON() splat in the kernel log as the visible symptom. There is no confidentiality or integrity impact. Only kernels carrying the pre-fix zonefs code are affected, and only where zonefs is actually mounted on a zoned block device (host-managed SMR hard drives and NVMe ZNS SSDs are the devices this filesystem targets). The fix was merged upstream in 2022; the CVE identifier was assigned by the kernel CNA in February 2025 for that earlier fix. No known exploits are reported in the wild, and no CVSS score has been assigned.
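The following is an added userland model of the read-side mapping decision described above, placed beside a model of the iomap_iter() loop so that the zero-length case can be seen to make no progress. It is illustration written for this page, not kernel code: the struct and constant names mirror include/linux/iomap.h, the zinode fields and the demo_zi sample inode are hypothetical, and the "buggy" function reproduces only the behaviour the description states (length clamped to isize - offset, type IOMAP_UNWRITTEN), while the "fixed" function reproduces the hole handling the description gives.

```c
#include <stdint.h>
#include <stdio.h>

typedef int64_t loff_t;
typedef uint64_t u64;

/* Names mirror include/linux/iomap.h; only the three types used here. */
enum { IOMAP_HOLE = 0, IOMAP_MAPPED = 2, IOMAP_UNWRITTEN = 3 };
#define IOMAP_NULL_ADDR (~(u64)0)
#define BLOCK_SIZE 4096

#define ALIGN_DOWN(x, a) ((x) & ~((loff_t)(a) - 1))
#define ALIGN(x, a)      (((x) + (a) - 1) & ~((loff_t)(a) - 1))
#define MIN(a, b)        ((a) < (b) ? (a) : (b))

struct iomap { loff_t offset; loff_t length; u64 addr; int type; };

/* Stand-in for a zonefs sequential zone inode (hypothetical fields). */
struct zinode {
	loff_t isize;     /* file size == zone write pointer position */
	loff_t max_size;  /* zone capacity */
	u64 zone_start;   /* byte address of the zone on the device */
};

typedef int (*iomap_begin_fn)(const struct zinode *, loff_t, loff_t,
			      struct iomap *);

/* Pre-fix read mapping as the description states it: the length is clamped
 * to isize - offset, which is 0 when offset == isize, and the type is
 * IOMAP_UNWRITTEN rather than a hole. */
int read_iomap_begin_buggy(const struct zinode *zi, loff_t offset,
			   loff_t length, struct iomap *m)
{
	m->type = offset >= zi->isize ? IOMAP_UNWRITTEN : IOMAP_MAPPED;
	length = MIN(length, zi->isize - offset);
	m->offset = ALIGN_DOWN(offset, BLOCK_SIZE);
	m->length = ALIGN(offset + length, BLOCK_SIZE) - m->offset;
	m->addr = zi->zone_start + m->offset;
	return 0;
}

/* Post-fix read mapping: at or past EOF report a hole with IOMAP_NULL_ADDR
 * and the caller's length unchanged; below EOF map up to EOF. */
int read_iomap_begin_fixed(const struct zinode *zi, loff_t offset,
			   loff_t length, struct iomap *m)
{
	m->offset = ALIGN_DOWN(offset, BLOCK_SIZE);
	if (m->offset >= zi->isize) {
		m->type = IOMAP_HOLE;
		m->addr = IOMAP_NULL_ADDR;
		m->length = length;
	} else {
		m->type = IOMAP_MAPPED;
		m->addr = zi->zone_start + m->offset;
		m->length = zi->isize - m->offset;
	}
	return 0;
}

/* Model of the iomap_iter()/iomap_readahead() loop: each round maps the
 * remaining range and consumes the mapped length. Returns the number of
 * rounds needed to cover [pos, pos + len), or -1 when no progress is made
 * within max_rounds, i.e. the loop the description says never terminates.
 * A zero-length mapping is the case that trips WARN_ON() in iomap_iter(). */
int readahead_rounds(iomap_begin_fn begin, const struct zinode *zi,
		     loff_t pos, loff_t len, int max_rounds)
{
	struct iomap m;

	for (int n = 1; n <= max_rounds; n++) {
		begin(zi, pos, len, &m);
		if (m.length <= 0)
			continue;	/* nothing to advance over */
		loff_t done = MIN(m.length, len);
		pos += done;
		len -= done;
		if (len == 0)
			return n;
	}
	return -1;
}

/* Constructed sample inode: a 1 MiB file in a 256 MiB zone. */
static const struct zinode demo_zi = { .isize = 1 << 20,
				       .max_size = 256 << 20,
				       .zone_start = 0 };

int mapping_type(iomap_begin_fn begin, loff_t offset, loff_t length)
{
	struct iomap m;
	begin(&demo_zi, offset, length, &m);
	return m.type;
}

loff_t mapping_length(iomap_begin_fn begin, loff_t offset, loff_t length)
{
	struct iomap m;
	begin(&demo_zi, offset, length, &m);
	return m.length;
}

int main(void)
{
	loff_t eof = demo_zi.isize, ra = 128 * 1024;

	printf("readahead at EOF, buggy:  %d rounds (-1 = stuck)\n",
	       readahead_rounds(read_iomap_begin_buggy, &demo_zi, eof, ra, 1000));
	printf("readahead at EOF, fixed:  %d rounds\n",
	       readahead_rounds(read_iomap_begin_fixed, &demo_zi, eof, ra, 1000));
	printf("read crossing EOF, buggy: %d rounds\n",
	       readahead_rounds(read_iomap_begin_buggy, &demo_zi, eof - 8192, 16384, 1000));
	printf("read crossing EOF, fixed: %d rounds\n",
	       readahead_rounds(read_iomap_begin_fixed, &demo_zi, eof - 8192, 16384, 1000));
	return 0;
}
```

The second pair of calls goes slightly beyond the description's exact-EOF case: a read that starts below the file size and crosses it is mapped correctly on the first round by both versions, but the buggy version then lands on offset == isize for the remainder and gets stuck there, which is why the fix must return a usable length for that boundary rather than just changing the type.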

Potential Impact

For European organizations, the impact of CVE-2022-49706 is confined to availability. The precondition is narrow: the system must run a kernel with the pre-fix zonefs code and have zonefs mounted on a zoned block device. On such a system, a read that causes readahead at exactly the current size of a sequential zone file leaves the reading process spinning in the kernel and emits a WARN_ON() splat; the process does not return from the read and the CPU it occupies is lost until reboot. Because the trigger is an ordinary read, it can be hit by normal workloads as well as deliberately, and any local account or service with read access to the affected files can cause it. Zoned storage is increasingly used in data centers and cloud storage tiers for capacity and cost reasons, so the affected population is storage servers and appliances rather than general-purpose hosts, but on those systems a stuck reader can stall the applications that depend on timely access to the zone files, with knock-on effects for business continuity in sectors such as finance, telecommunications and manufacturing that run Linux-based storage back ends. There is no confidentiality or integrity exposure. The absence of known exploits lowers the immediate risk, but since the bug is reachable from unprivileged reads, unpatched systems remain exposed to both accidental triggering and intentional denial of service by a local user.

Mitigation Recommendations

To mitigate CVE-2022-49706, European organizations should:

1) Apply the kernel fix. The upstream commit "zonefs: fix zonefs_iomap_begin() for reads" has been available since 2022 and is carried by stable and distribution kernels; confirm that the running kernel includes it (distribution changelogs or the CVE identifier in vendor advisories) rather than waiting for a new release, since the CVE was only assigned in 2025 for the older fix.

2) Identify and inventory systems that use zoned block devices and mount zonefs, so patching is prioritized where the code is actually reachable. Hosts without zonefs mounts are not exposed even if they run an affected kernel.

3) Where patching must wait and stability is critical, unmount zonefs filesystems and prevent the zonefs module from loading until the fixed kernel is in place.

4) Monitor kernel logs for the WARNING from iomap_iter (fs/iomap/iter.c) and for zonefs frames in call traces. Also watch for the behavioural symptom, a reader process that never returns from a read and pins a CPU, since the log line only tells you the loop was entered.

5) Keep a tested kernel update process: validate the fixed kernel in staging against the zoned-storage workload before rolling it to production.

6) No firmware or driver change is required on the device side; the defect and the fix are entirely in the kernel's zonefs code. Coordinate with hardware vendors only to confirm which fleet hosts actually have zoned devices attached.

7) Consider kernel live patching where it is supported for the distribution kernel in use, to apply the fix without a reboot on storage nodes that are expensive to take down.
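An added helper for steps 2 and 4, written for this page rather than taken from the advisory or any vendor tool. It relies on the standard Linux interfaces /proc/mounts, /sys/block/<dev>/queue/zoned (which reports none, host-aware or host-managed) and a dmesg-style kernel log; make_samples() builds constructed inputs so the functions can be exercised on a machine without zoned storage, and the --live switch runs them against the real system.

```sh
#!/bin/sh
# Inventory and detection helper for zonefs exposure to CVE-2022-49706.
# Added example, not from the advisory; interfaces assumed: /proc/mounts,
# /sys/block/<dev>/queue/zoned, dmesg.

# Mount points of filesystem type zonefs in a mounts table.
zonefs_mounts() {
    awk '$3 == "zonefs" { print $2 }' "${1:-/proc/mounts}"
}

# Block devices whose request queue reports a zoned model other than "none".
zoned_devices() {
    sysfs="${1:-/sys/block}"
    for f in "$sysfs"/*/queue/zoned; do
        [ -r "$f" ] || continue
        model=$(cat "$f")
        if [ "$model" != "none" ]; then
            dev=$(basename "$(dirname "$(dirname "$f")")")
            echo "$dev $model"
        fi
    done
}

# Number of iomap_iter() WARNING lines in a kernel log (the symptom shown in
# the description). Prints 0 rather than failing when there are none.
iomap_warnings() {
    grep -c 'WARNING: .* at fs/iomap/iter\.c:[0-9]* iomap_iter' "$1" || true
}

# Constructed sample tree: one plain disk, one host-managed zoned NVMe device
# mounted as zonefs, and a log containing one splat like the one reported.
make_samples() {
    d=$(mktemp -d)
    mkdir -p "$d/sys/block/sda/queue" "$d/sys/block/nvme0n1/queue"
    echo none > "$d/sys/block/sda/queue/zoned"
    echo host-managed > "$d/sys/block/nvme0n1/queue/zoned"
    cat > "$d/mounts" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/nvme0n1 /mnt/zoned zonefs rw,relatime 0 0
proc /proc proc rw,nosuid 0 0
EOF
    cat > "$d/kern.log" <<'EOF'
[17309.548939] WARNING: CPU: 3 PID: 2137 at fs/iomap/iter.c:34 iomap_iter+0x9cf/0xe80
[17309.650907] RIP: 0010:iomap_iter+0x9cf/0xe80
[17309.754560] Call Trace:
EOF
    echo "$d"
}

if [ "${1:-}" = "--live" ]; then
    echo "zonefs mounts:";  zonefs_mounts
    echo "zoned devices:";  zoned_devices
    echo "iomap_iter warnings in dmesg: $(dmesg 2>/dev/null | iomap_warnings -)"
fi
```

Run with --live on a fleet host; a machine with no zonefs mounts and no zoned devices is not exposed regardless of kernel version, which is the quickest way to narrow the patch list.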


Technical Details

Data Version
5.1
Assigner Short Name
Linux
Date Reserved
2025-02-26T02:21:30.444Z
Cisa Enriched
false
Cvss Version
null
State
PUBLISHED

Threat ID: 682d982cc4522896dcbe48db

Added to database: 5/21/2025, 9:09:00 AM

Last enriched: 6/30/2025, 12:26:37 AM

Last updated: 8/17/2025, 3:13:56 PM

